.desktop files, serious security hole, virus-friendliness

Benedikt Meurer benny at xfce.org
Mon Apr 3 20:11:28 EEST 2006


Thiago Macieira wrote:
>>I'd propose to optionally include a digital signature for the Exec field
>>(i.e. add an ExecSignature field to the spec) and let the file manager
>>ask the user whether he/she trusts the signee or pop up a warning if no
>>signature is present. Distributions should then ship with a good default
>>set of trusted certificates (i.e. for Gnome, KDE, Xfce, etc.), so users
>>shouldn't see the warning unless they're trying to execute a
>>virus.desktop or a .desktop file whose signee is not yet in the trustdb.
> 
> [I'm not trying to shoot your idea down; I'm just raising some discussion 
> points]
> 
> How would this work for user-created files? Should the desktop 
> automatically sign the files? Should we require each and every user to 
> have a GPG key?

We could simply use the key of the user if any, and otherwise generate a
key on-the-fly for the user. Once an attacker/virus has access to the
generated key, it's already too late to think about security holes in
.desktop files, so that should work pretty well.

Benedikt
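
The check proposed in this thread, sketched as an added example (not code from the post or from any desktop project): the file manager verifies a signature over the `Exec` value against a trust database of public keys. Assumptions: the `signer:hexsignature` layout of `ExecSignature`, the outcome names, refusing a bad signature, and a toy RSA key built from two known primes so the block needs only the standard library (a real implementation would use OpenPGP or similar).

```python
import hashlib

def toy_keypair(p, q):
    """Toy RSA from two known primes (constructed; far too small for real use)."""
    n, e = p * q, 65537
    return (n, e), (n, pow(e, -1, (p - 1) * (q - 1)))

def digest(exec_line, n):
    """SHA-256 of the Exec value, reduced into the toy modulus."""
    return int.from_bytes(hashlib.sha256(exec_line.encode()).digest(), "big") % n

def sign_exec(exec_line, private):
    n, d = private
    return format(pow(digest(exec_line, n), d, n), "x")

def parse_entry(text):
    """Collect key=value pairs from the [Desktop Entry] group only."""
    fields, in_group = {}, False
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("["):
            in_group = line == "[Desktop Entry]"
        elif in_group and "=" in line and not line.startswith("#"):
            key, value = line.split("=", 1)
            fields[key.strip()] = value.strip()
    return fields

def check_launch(text, trustdb):
    """Return run, warn-unsigned, ask-unknown-signer or block-bad-signature."""
    fields = parse_entry(text)
    sig = fields.get("ExecSignature")  # hypothetical field from the proposal
    if not sig:
        return "warn-unsigned"
    signer, _, value = sig.partition(":")
    if signer not in trustdb:
        return "ask-unknown-signer"
    n, e = trustdb[signer]
    try:
        ok = pow(int(value, 16), e, n) == digest(fields.get("Exec", ""), n)
    except ValueError:  # signature value is not hexadecimal
        ok = False
    return "run" if ok else "block-bad-signature"

# Constructed sample data: one trusted signer and one signed launcher.
DISTRO_PUB, DISTRO_PRIV = toy_keypair(2**61 - 1, 2**31 - 1)
TRUSTDB = {"distro": DISTRO_PUB}
SIGNED = ("[Desktop Entry]\nName=Editor\nExec=editor %f\nExecSignature=distro:"
          + sign_exec("editor %f", DISTRO_PRIV) + "\n")
```

Only the `Exec` value is covered, as in the proposal, so editing `Name` leaves the signature valid while editing `Exec` invalidates it.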


